This document explains how to develop an email connector in the Integrated Development Environment (IDE). The process involves:
Ingesting raw data from an email source (Gmail).
Translating that data into Google Security Operations format.
Creating cases within the platform from the translated data.
The connector scans each email message body to extract URLs. You can then use
the product integrated in "Develop your first action" to check whether these URLs are malicious.
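The URL-extraction step described above, sketched with only the Python standard library. This is an added example, not the connector code from the Google SecOps documentation; the function name `extract_urls`, the regular expression and the sample message are assumptions constructed for illustration.

```python
import base64
import re
from email import message_from_bytes, policy

# http/https URLs; a match stops at whitespace, quotes and angle brackets.
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def extract_urls(raw_message):
    """Return the unique URLs found in the text parts of a raw email message."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    urls = []
    for part in msg.walk():
        # Scan body text only: skip multipart containers and attachments.
        if part.get_content_maintype() != "text" or part.is_attachment():
            continue
        try:
            # Undoes base64 / quoted-printable and applies the declared charset.
            text = part.get_content()
        except (LookupError, UnicodeDecodeError):
            # Unknown or wrong charset: decode permissively rather than drop the part.
            text = part.get_payload(decode=True).decode("utf-8", errors="replace")
        for match in URL_RE.findall(text):
            url = match.rstrip(".,;:!?")  # trailing sentence punctuation
            if url not in urls:
                urls.append(url)
    return urls

# Constructed sample: the same message body as quoted-printable text and base64 HTML.
HTML = b'<a href="http://login.example.test/reset">Reset</a> https://pay.example.test/inv?id=42'
SAMPLE = (
    b"From: sender@example.test\r\n"
    b"To: soc-inbox@example.test\r\n"
    b"Subject: Invoice\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/alternative; boundary="b1"\r\n\r\n'
    b"--b1\r\n"
    b"Content-Type: text/plain; charset=utf-8\r\n"
    b"Content-Transfer-Encoding: quoted-printable\r\n\r\n"
    b"Pay here: https://pay.example.test/inv?id=3D42.\r\n"
    b"--b1\r\n"
    b"Content-Type: text/html; charset=utf-8\r\n"
    b"Content-Transfer-Encoding: base64\r\n\r\n"
    + base64.b64encode(HTML) + b"\r\n"
    b"--b1--\r\n"
)

if __name__ == "__main__":
    for found in extract_urls(SAMPLE):
        print(found)
```

Running the pattern over the raw bytes instead of the decoded parts would return `id=3D42` for the first link and miss the base64-encoded HTML part entirely, which is why the sketch decodes each part before matching.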
Understand connectors
Connectors are the entry point for alerts into Google SecOps.
Their job is to translate raw input data from multiple sources into
Google SecOps format. The connectors get alerts (or equivalent
data, such as alarms or correlation events) from third-party tools sent to the
data processing layer and send them for ingestion as Google SecOps alerts
and events.
Before you begin
Before the connector can connect to your email inbox, complete the following steps:
1. For testing purposes, create a new Gmail account or use an existing one.
2. Two-step verification: Enable two-step verification to grant Google SecOps secure access to the email inbox.
3. Leave your two-step verification on: Create an App Password that grants the Google SecOps platform permission to access your account. App Passwords can only be used with accounts that have two-step verification enabled.
4. In your Google Account, click App Passwords and then fill in the required fields:
   - In Select app, select Other (Custom name).
   - Add the URL associated with your Google SecOps platform (DNS).
5. Create the email connector in the IDE. For details, see Develop the connector.

Supported in: Google SecOps SOAR. Last updated 2025-08-29 UTC.